Slackware 10.2 Changelog

By srlinuxx

Created 16/09/2005 - 1:34am

Submitted by srlinuxx on Friday 16th of September 2005 01:34:33 AM

Mon Sep 12 22:48:09 PDT 2005
a/util-linux-2.12p-i486-2.tgz: Patched an issue with umount where if
the umount failed when the '-r' option was used, the filesystem would
be remounted read-only but without any extra flags specified in
/etc/fstab. This could allow an ordinary user able to mount a floppy
or CD (but with nosuid, noexec, nodev, etc in /etc/fstab) to run a
setuid binary from removable media and gain root privileges.
Reported to BugTraq by David Watson:
http://www.securityfocus.com/archive/1/410333
(* Security fix *)
ap/mdadm-2.1-i486-1.tgz: Upgraded to mdadm-2.1.
n/dnsmasq-2.23-i486-1.tgz: Upgraded to dnsmasq-2.23.
n/nmap-3.93-i486-1.tgz: Upgraded to nmap-3.93.
extra/k3b/k3b-0.12.4a-i486-1.tgz: Upgraded to k3b-0.12.4a.
extra/k3b/k3b-i18n-0.12.4-noarch-1.tgz: Upgraded to k3b-i18n-0.12.4.
+--------------------------+
Mon Sep 12 19:02:13 PDT 2005
a/aaa_elflibs-10.2.0-i486-3.tgz: Upgraded PCRE library.
a/dcron-2.3.3-i486-5.tgz: Added a patch to keep dcron from improperly
forking extra copies of itself in some circumstances.
(Thanks to Henrik Carlqvist)
a/mkinitrd-1.0.1-i486-3.tgz: Added tftp support to busybox, updated
README.initrd examples to refer to the 2.6.13 kernel.
ap/sox-12.17.8-i486-1.tgz: Upgraded to sox-12.17.8.
(Thanks to Peter Eszlari)
ap/vorbis-tools-1.1.1-i486-1.tgz: Upgraded to vorbis-tools-1.1.1.
(Thanks to Peter Eszlari)
l/libvorbis-1.1.1-i486-1.tgz: Upgraded to libvorbis-1.1.1.
(Thanks to Peter Eszlari)
l/libxml2-2.6.21-i486-1.tgz: Upgraded to libxml2-2.6.21.
l/libxslt-1.1.15-i486-1.tgz: Upgraded to libxslt-1.1.15.
l/pcre-6.4-i486-1.tgz: Upgraded to pcre-6.4.
n/dhcpcd-1.3.22pl4-i486-2.tgz: Patched an issue where a remote attacker can
cause dhcpcd to crash.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1848
(* Security fix *)
n/wget-1.10.1-i486-3.tgz: Install /etc/wgetrc properly.
(Thanks to Fred Emmott)
xap/gftp-2.0.18-i486-1.tgz: Upgraded to gftp-2.0.18.
(Thanks to Peter Eszlari)
xap/gxine-0.4.7-i486-1.tgz: Upgraded to gxine-0.4.8.
xap/sane-1.0.16-i486-1.tgz: Upgraded to sane-backends-1.0.16.
xap/xchat-2.4.5-i486-1.tgz: Upgraded to xchat-2.4.5.
xap/xpdf-3.01-i486-2.tgz: Added missing Bulgarian.nameToUnicode.
(Thanks to Dimitar Zhekov)
xap/xsane-0.97-i486-1.tgz: Upgraded to xsane-0.97.
extra/slackpkg/slackpkg-1.5.2-noarch-2.tgz:
Upgraded to slackpkg-1.5.2-noarch-2. (Thanks to Piter Punk)
+--------------------------+
Sat Sep 10 22:21:22 PDT 2005
OK, everything was set in stone except for these things.
There may still be a couple more changes (maybe), but this is pretty close.
a/aaa_base-10.2.0-noarch-2.tgz: Fixed rp-pppoe version number in email
to root. (thanks to Piter Punk)
a/aaa_elflibs-10.2.0-i486-2.tgz: Upgraded glib libraries to 2.6.6.
a/bash-3.0-i486-3.tgz: Added bash patch bash30-016.
(suggested by Fredrik Rinnestam and Xavier Thomassin)
Added a patch to prevent an issue with newer glibc versions and 2.4.x
kernels that leads to a bash hang if bash is recompiled on such a system.
(Thanks to Fredrik Rinnestam)
a/glibc-solibs-2.3.5-i486-5.tgz: Recompiled against header files from
linux 2.4.31 (linuxthreads version) and linux 2.6.13 (NPTL version).
a/glibc-zoneinfo-2.3.5-noarch-5.tgz: Rebuilt.
ap/vim-6.3.086-i486-1.tgz: Upgraded vim to patchlevel 86, and upgraded to
ctags-5.5.4.
l/esound-0.2.36-i486-1.tgz: Upgraded to esound-0.2.36.
l/glib2-2.6.6-i486-1.tgz: Upgraded to glib-2.6.6.
l/glibc-2.3.5-i486-5.tgz: Recompiled.
l/glibc-i18n-2.3.5-noarch-5.tgz: Rebuilt.
l/glibc-profile-2.3.5-i486-5.tgz: Recompiled.
l/gtk+2-2.6.10-i486-1.tgz: Upgraded to gtk+-2.6.10.
l/pango-1.8.2-i486-1.tgz: Upgraded to pango-1.8.2.
Thanks to Giacomo Lozito for pointing the bugfix releases of glib, gtk+,
and pango out. The 2.8 series still needs time to stabilize and may present
some compatibility issues (just a guess), and the version bump on atk-1.10.1
makes me want to play it safe on that one as well. We'll get to those in the
next -current.
l/sdl-1.2.9-i486-1.tgz: Upgraded to SDL-1.2.9, SDL_image-1.2.4,
SDL_mixer-1.2.6, and SDL_ttf-2.0.7.
n/nmap-3.90-i486-1.tgz: Upgraded to nmap-3.90. (suggested by many
n/wget-1.10.1-i486-2.tgz: Change /etc/wgetrc to /etc/wgetrc.new so that it'll
be protected from replacement the next time this package is upgraded.
Suggested by Luigi Genoni.
xap/xvim-6.3.086-i486-1.tgz: Upgraded X version of vim to patchlevel 86, and
upgraded to ctags-5.5.4.
+--------------------------+
Thu Sep 8 17:48:59 PDT 2005
extra/linux-wlan-ng/linux-wlan-ng-0.2.1pre25_2.6.13-i486-1.tgz:
Recompiled for 2.6.13. Thanks to xgizzmo for catching the omission.
+--------------------------+
Thu Sep 8 13:24:58 PDT 2005
OK folks, this is just about ready to go. Consider nearly everything to
be set in stone at this point, especially the kernels. Zipslack has yet
to be built, and some of the documentation needs minor updating, but for
the most part this is how Slackware 10.2 is going to look. Expect a
release to happen sometime within the next week or so.
Also, a bit of advance warning: I'm going to be removing most of the
ISO images for old Slackware releases from ftp.slackware.com in order to
make room for the new release, so if you're running a mirror site and
want to save those, move them elsewhere now before they go. The ISO
images at slackware.osuosl.org in /pub/slackware-iso/ will remain, but
the ones at ftp.slackware.com and other sites under /pub/slackware are
all potentially on the chopping block.
a/aaa_base-10.2.0-noarch-1.tgz: Bumped version number to 10.2. Edited
initial email.
a/aaa_elflibs-10.2.0-i486-1.tgz: Updated initial library collection.
a/bin-10.2-i486-1.tgz: Upgraded to file-4.15.
a/cxxlibs-5.0.7-i486-1.tgz: Upgraded to libstdc++.so.5.0.7 from gcc-3.3.6.
a/gawk-3.1.5-i486-1.tgz: Upgraded to gawk-3.1.5.
a/hotplug-2004_09_23-noarch-5.tgz: Fix a minor syntax error in rc.hotplug.
(the logging test was always true even if syslogd was not running)
Thanks to Luis Castilho.
Blacklisted a new framebuffer module (arcfb.ko) in 2.6.13.
a/pkgtools-10.2.0-i486-5.tgz: Upgraded to dialog-1.0-20050306, which fixes
a bug that prevented the install-packages scripts from working.
Thanks to Krzysztof Oledzki for pointing out this bug.
a/reiserfsprogs-3.6.19-i486-1.tgz: Upgraded to reiserfsprogs-3.6.19.
a/usbutils-0.11-i486-3.tgz: Upgraded to latest usb.ids.
Note that newer versions of usbutils no longer include the usbmodules
utility, which breaks hotplugging of USB devices on 2.4.x kernels, so until
the default kernel is a 2.6.x version, this is the best version of usbutils
to include.
a/utempter-1.1.3-i486-1.tgz: Upgraded to libutempter-1.1.3.
ap/groff-1.19.1-i486-3.tgz: Fixed a /tmp bug in groffer. Groffer is a
script to display formatted output on the console or X, and is not normally
used in other scripts (for printers, etc) like most groff components are.
The risk from this bug is probably quite low. The fix was pulled from the
just-released groff-1.19.2. With Slackware 10.2 just around the corner it
didn't seem prudent to upgrade to that -- the diff from 1.19.1 to 1.19.2
is over a megabyte compressed.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0969
(* Security fix *)
ap/zsh-4.2.5-i486-1.tgz: Upgraded to zsh-4.2.5.
d/clisp-2.35-i486-1.tgz: Upgraded to clisp-2.35.
d/libtool-1.5.20-i486-1.tgz: Upgraded to libtool-1.5.20.
d/subversion-1.2.3-i486-1.tgz: Added subversion-1.2.3. This will be the last
last-minute addition in this release cycle. Suggested by many.
kde/kdebase-3.4.2-i486-2.tgz: Patched a bug in Konqueror's handling of
characters such as '*', '[', and '?'.
Generated new kdm config files.
Added /opt/kde/man to $MANPATH.
Patched a security bug in kcheckpass that could allow a local user to
gain root privileges.
For more information, see:
http://www.kde.org/info/security/advisory-20050905-1.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2494
(* Security fix *)
l/jre-1_5_0_04-i586-2.tgz: Added /usr/lib/mozilla/plugins directory with a
link to the Java plugin.
l/t1lib-5.1.0-i486-1.tgz: Upgraded to t1lib-5.1.0.
n/dhcp-3.0.3-i486-1.tgz: Upgraded to dhcp-3.0.3.
n/iproute2-2.6.11_050330-i486-2.tgz: Fixed symlinks in /sbin.
Thanks to Krzysztof Oledzki for the Makefile patch.
n/mod_ssl-2.8.24_1.3.33-i486-1.tgz: Upgraded to mod_ssl-2.8.24-1.3.33.
From the CHANGES file:
Fix a security issue (CAN-2005-2700) where "SSLVerifyClient require" was
not enforced in per-location context if "SSLVerifyClient optional" was
configured in the global virtual host configuration.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2700
(* Security fix *)
n/openssh-4.2p1-i486-1.tgz: Upgraded to openssh-4.2p1.
From the OpenSSH 4.2 release announcement:
SECURITY: Fix a bug introduced in OpenSSH 4.0 that caused
GatewayPorts to be incorrectly activated for dynamic ("-D") port
forwardings when no listen address was explicitly specified.
(* Security fix *)
n/php-4.4.0-i486-4.tgz: Added --with-dom. Suggested by Joao Carvalho.
n/ppp-2.4.4b1-i486-1.tgz: Upgraded to ppp-2.4.4b1. This should fix the issues
people were having with demand dialing and persistant connections.
n/rp-pppoe-3.6-i486-1.tgz: Upgraded to rp-pppoe-3.6.
Thanks to Erik Jan Tromp for the build script improvements.
n/samba-3.0.20-i486-2.tgz: Fixed /usr/doc/samba-3.0.20/docs/using_samba
symlink. Thanks to Valentin Avram for the bug report.
n/tcpip-0.17-i486-35.tgz: Changed to a cleaner telnet patch borrowed from
OpenBSD. Two people, both using Slackware 9.1, informed me that the previous
patch for telnet was causing a segfault when used with short hostnames from
/etc/hosts (such as localhost). If anyone is having a similar problem with
other versions of Slackware, let me know. Thanks to Dragan Simic for
telling me about the improved patch.
Fixed a minor syntax error in rc.inet1 in the test for syslogd.pid.
(Thanks to Luis Castilho)
Added brctl and vconfig. (suggested by Jan Rafaj)
Increased timeout for dhcpcd.
Fixed a bit of bad grammar in rc.inet1.conf. ("appending" -> "prepending")
Added a new option "DHCP_IPADDR" to rc.inet1.conf to ask the DHCP server for
a specific IP address. (Thanks to James Michael Fultz for these last two)
n/wget-1.10.1-i486-1.tgz: Upgraded to wget-1.10.1.
xap/jre-symlink-1.0.6-noarch-2: Removed. This is obsolete now that the Java
packages contain symlinks in /usr/lib/mozilla/plugins and Mozilla and
Firefox have been patched to search for plugins in that directory.
xap/mozilla-1.7.11-i486-2.tgz: Patched mozilla startup script to
search for plugins in /usr/lib/mozilla/plugins after searching in
/usr/lib/mozilla-1.7.11/plugins.
xap/mozilla-firefox-1.0.6-i686-2.tgz: Patched firefox startup script to
search for plugins in /usr/lib/mozilla/plugins after searching in
/usr/lib/firefox-1.0.6/plugins.
xap/xpdf-3.01-i486-1.tgz: Upgraded to xpdf-3.01.
extra/bash-completion/bash-completion-20050721-noarch-1.tgz:
Upgraded to bash-completion-20050721.
extra/brltty/brltty-3.6.1-i486-1.tgz: Upgraded to brltty-3.6.1.
extra/grub/grub-0.97-i486-1.tgz: Upgraded to grub-0.97.
Thanks to Kent Robotti for the new version of grubconfig.
extra/jdk-1.5.0_04/jdk-1_5_0_04-i586-2.tgz: Added /usr/lib/mozilla/plugins
directory with a link to the Java plugin.
extra/slackpkg/slackpkg-1.5.1-noarch-2.tgz:
Upgraded to slackpkg-1.5.1-noarch-2. (Thanks to Piter Punk)
extra/slacktrack/slacktrack-1.26-i486-1.tgz: Upgraded to slacktrack-1.26_1.
(Thanks to Stuart Winter)
extra/slacktrack/slacktrack-examples-v1.01.tar.gz:
Upgraded slacktrack build script examples.
kernels/test26.s/: Added a 2.6.13 install kernel.
rootdisks/install.*, isolinux/initrd.img: Fixed install size estimate.
testing/packages/gnupg-1.4.2-i486-1.tgz: Upgraded to gnupg-1.4.2.
testing/packages/linux-2.6.13/alsa-driver-1.0.9b_2.6.13-i486-1.tgz:
Recompiled against Linux 2.6.13.
testing/packages/linux-2.6.13/kernel-generic-2.6.13-i486-1.tgz:
Upgraded to Linux 2.6.13 generic kernel.
testing/packages/linux-2.6.13/kernel-headers-2.6.13-i386-1.tgz:
Upgraded to Linux 2.6.13 kernel headers for x86.
testing/packages/linux-2.6.13/kernel-modules-2.6.13-i486-1.tgz:
Upgraded to Linux 2.6.13 kernel modules.
testing/packages/linux-2.6.13/kernel-source-2.6.13-noarch-1.tgz:
Upgraded to Linux 2.6.13 kernel source.
testing/packages/lvm2/device-mapper-1.01.04-i486-1.tgz:
Upgraded to device-mapper.1.01.04.
testing/packages/lvm2/lvm2-2.01.09-i486-1.tgz:
Upgraded to LVM2.2.01.09.
testing/packages/php-5.0.5/php-5.0.5-i486-4.tgz:
Upgraded to php-5.0.5 with --with-dom and --with-curl options.
+--------------------------+
Tue Aug 30 13:01:43 PDT 2005
a/jfsutils-1.1.8-i486-1.tgz: Upgraded to jfsutils-1.1.8.
a/pciutils-2.1.11-i486-6.tgz: Updated pci.ids.
a/procps-3.2.5-i486-1.tgz: Upgraded to procps-3.2.5.
Thanks to Stuart Winter for informing me that newer 2.6 kernels needed this.
ap/espgs-8.15rc4-i486-1.tgz: Upgraded to espgs-8.15rc4.
ap/mysql-4.1.14-i486-1.tgz: Upgraded to mysql-4.1.14.
kde/kdeedu-3.4.2-i486-2.tgz: Fixed a minor /tmp bug in kvoctrain.
(* Security fix *)
l/pcre-6.3-i486-1.tgz: Upgraded to pcre-6.3.
This fixes a buffer overflow that could be triggered by the processing of a
specially crafted regular expression. Theoretically this could be a security
issue if regular expressions are accepted from untrusted users to be
processed by a user with greater privileges, but this doesn't seem like a
common scenario (or, for that matter, a good idea). However, if you are
using an application that links to the shared PCRE library and accepts
outside input in such a manner, you will want to update to this new package.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491
(* Security fix *)
n/php-4.4.0-i486-3.tgz: Relinked with the system PCRE library, as the builtin
library has a buffer overflow that could be triggered by the processing of a
specially crafted regular expression.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491
(* Security fix *)
Upgraded PEAR::XMLRPC to version 1.4.0, which eliminates the use of the
insecure eval() function.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2498
(* Security fix *)
Recompiled with support for mbstring and cURL.
Thanks to Gerardo Exequiel Pozzi for pointing out that the new MySQL uses
UTF-8, which in turn requires that PHP support multibyte strings. Also,
thanks to Amrit for mentioning that the PHP cURL extentions are useful and
should be included.
n/samba-3.0.20-i486-1.tgz: Upgraded samba-3.0.20.
xap/gaim-1.5.0-i486-1.tgz: Upgraded to gaim-1.5.0.
This fixes some more security issues.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2103
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2102
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2370
(* Security fix *)
testing/packages/linux-2.6.12.5/alsa-driver-1.0.9b_2.6.12.5-i486-1.tgz
Recompiled against Linux 2.6.12.5.
testing/packages/linux-2.6.12.5/kernel-generic-2.6.12.5-i486-1.tgz
Upgraded to Linux 2.6.12.5 generic kernel.
testing/packages/linux-2.6.12.5/kernel-headers-2.6.12.5-i386-1.tgz
Upgraded to Linux 2.6.12.5 kernel headers for x86.
testing/packages/linux-2.6.12.5/kernel-modules-2.6.12.5-i486-1.tgz
Upgraded to Linux 2.6.12.5 kernel modules.
testing/packages/linux-2.6.12.5/kernel-source-2.6.12.5-noarch-1.tgz
Upgraded to Linux 2.6.12.5 kernel source.
testing/packages/php-5.0.4/php-5.0.4-i486-3.tgz: Relinked with the
system PCRE library, as the builtin library has a buffer overflow
that could be triggered by the processing of a specially crafted
regular expression.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491
(* Security fix *)
Upgraded PEAR::XMLRPC to version 1.4.0, which eliminates the use of the
insecure eval() function.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2498
(* Security fix *)
Recompiled with support for mbstring, cURL, and XSLT.
Thanks to Den (aka Diesel) for suggesting XSLT.
+--------------------------+
Thu Aug 4 22:33:48 PDT 2005
a/e2fsprogs-1.38-i486-2.tgz: Make sure pkgconfig files go to the right
place (/usr/lib/pkgconfig). Thanks to Chad Corkrum.
n/links-2.1pre18-i486-1.tgz: Upgraded to links-2.1pre18, which fixes some
bugs in Javascript handling. Suggested by Roberto Leandrini.
extra/bittornado/bittornado-0.3.12-noarch-1.tgz: Upgraded to bittornado-0.3.12.
Suggested by Adam Young.
+--------------------------+
Thu Aug 4 13:35:29 PDT 2005
a/sysvinit-2.84-i486-56.tgz: Enable swapping again in rc.S after all local
filesystems are mounted read-write. This makes sure that swapfiles get
activated with 2.6 kernels. Thanks to Jingmin (Jimmy) Zhou.
a/e2fsprogs-1.38-i486-1.tgz: Upgraded to e2fsprogs-1.38, needed for new
ext2fs boot label support. Thanks to Jerome Pinot for the heads-up.
l/taglib-1.4-i486-1.tgz: Upgraded to taglib-1.4, which will be needed by
various projects soon. Thanks to Sergei Mutovkin.
xap/xmms-1.2.10-i486-3.tgz: Patched a pause bug in XMMS. Thanks to
Erik Jan Tromp for the bug report and patch.
extra/ham/gmfsk-0.6-i486-2.tgz: Rebuilt to work with hamlib-1.2.4.
extra/ham/hamlib-1.2.4-i486-1.tgz: Upgraded to hamlib-1.2.4 .
extra/ham/proj-4.4.9-i486-1.tgz: Upgraded to proj-4.4.9.
extra/ham/tlf-0.9.23-i486-1.tgz: Upgraded to tlf-0.9.23.
extra/ham/xastir-1.6.0-i486-1.tgz: Upgraded to xastir-1.6.0.
extra/ham/xconvers-0.8.3-i486-1.tgz: Upgraded to xconvers-0.8.3.
extra/ham/xlog-1.2.2-i486-1.tgz: xlog-1.2.2.
Thanks to Arno Verhoeven for all the ham radio package updates!
+--------------------------+
Tue Aug 2 22:34:49 PDT 2005
n/proftpd-1.2.10-i486-4.tgz: Added mod_ctrls_admin module, which is needed to
make use of --enable-ctrls. Thanks again to Roberto Leandrini.
+--------------------------+
Tue Aug 2 15:34:18 PDT 2005
Hi folks,
I think it's time to consider this to be mostly frozen and concentrate on
beta testing in preparation for the Slackware 10.2 release, so there won't
be too many more upgrades and additions. Things are going to be pretty
busy for me over the next couple of weeks besides working on getting 10.2
finalized, but let me know about any issues that need fixing before the
release and I'll get to them just as soon as I can. Have fun!
kde/kdepim-3.4.2-i486-2.tgz: Patched a bug in KMail.
n/proftpd-1.2.10-i486-3.tgz: Recompiled with --enable-ctrls and
--enable-ipv6. Suggested by Roberto Leandrini.
xap/xine-lib-1.0.2-i686-1.tgz: Upgraded to xine-lib-1.0.2.
xap/xine-ui-0.99.4-i686-1.tgz: Upgraded to xine-ui-0.99.4.
extra/blackbox-0.70.0/blackbox-0.70.0-i486-1.tgz: Added
blackbox-0.70.0. This isn't in slackware/xap because there were some
things about it that struck me as not quite right, like the removal of
i18n support, and that the themes didn't seem to work any more (or at
least weren't included). If it's something I'm doing wrong, let me know,
otherwise this can stay here for now...
extra/slackpkg/slackpkg-1.5.0-noarch-3.tgz: Upgraded to
slackpkg-1.5.0-noarch-3 (fixed a mirror URL).
+--------------------------+
Mon Aug 1 11:25:46 PDT 2005
a/sysvinit-2.84-i486-55.tgz: In rc.6, try to use 'rc.inet1 stop' to
bring the network down. Thanks to Eric Hameleers for reminding me
that this sort of thing works now.
extra/k3b/k3b-0.12.3-i486-2.tgz: Rebuilt to fix missing binaries. I
built this on the same machine, no changes to the build script other
than bumping the build number to 2... strange, but I'll take it.
extra/slackpkg/slackpkg-1.5.0-noarch-2.tgz: Upgraded to
slackpkg-1.5.0-noarch-2. Thanks to Piter Punk.
+--------------------------+
Sun Jul 31 17:08:43 PDT 2005
a/sysvinit-2.84-i486-54.tgz: In rc.6, try to use 'dhcpcd -k' to kill
dhcpcd, otherwise a cache file is left behind which may cause problems.
Thanks to Giacomo Rizzo for the bug report.
d/clisp-2.34-i486-1.tgz: Upgraded to clisp-2.34.
d/doxygen-1.4.4-i486-1.tgz: Upgraded to doxygen-1.4.4.
d/oprofile-0.9.1-i486-1.tgz: Upgraded to oprofile-0.9.1.
n/iptables-1.3.3-i486-1.tgz: Upgraded to iptables-1.3.3.
n/rsync-2.6.6-i486-1.tgz: Upgraded to rsync-2.6.6.
n/tcpip-0.17-i486-34.tgz: Upgraded ethtool to ethtool-3.
n/yptools-2.9-i486-1.tgz: Upgraded to yp-tools-2.9, ypbind-mt-1.19.1,
and ypserv-2.18.
xap/jre-symlink-1.0.6-noarch-2.tgz: Upgraded symlink for Mozilla 1.7.11.
xap/mozilla-1.7.11-i486-1.tgz: Upgraded to mozilla-1.7.11.
extra/k3b/k3b-0.12.3-i486-1.tgz: Upgraded to k3b-0.12.3.
extra/k3b/k3b-i18n-0.12.3-noarch-1.tgz: Upgraded to k3b-i18n-0.12.3.
+--------------------------+
Sat Jul 30 13:01:25 PDT 2005
a/smartmontools-5.33-i486-1.tgz: Upgraded to smartmontools-5.33.
a/udev-064-i486-2.tgz: Commented out the new lines in udev.rules. It seems
like these aren't really needed now that the symlink in
/etc/hotplug.d/default/ was restored, and having them there causes a race
race condition that can cause things like wireless adaptors that need to
load firmware to fail to initialize.
Thanks to Andreas Liebschner and Philip Langdale for helping debug this.
ap/espgs-8.15rc3-i486-2.tgz: Removed libtool file that wasn't supposed to be
in the package. Thanks to Mark Post. Also, I had a report that espgs was
not printing margins properly with the Epson C64 printer. If you notice
issues like that it is best to send the reports directly to the espgs
maintainers, as without the hardware in question (or even with, really)
there's little that I can do to fix bugs such as that here.
ap/joe-3.3-i486-1.tgz: Upgraded to joe-3.3.
ap/mc-4.6.1-i486-1.tgz: Upgraded to mc-4.6.1.
e/emacs-21.4a-i486-2.tgz: Patched emacs to change the order some X headers
are included, which fixes a keyboard problem with some non-US keyboards
when running under X.Org. Thanks to Emanuele Vicentini for pointing out
the issue and a patch.
e/emacs-nox-21.4a-i486-2.tgz: Recompiled.
+--------------------------+
Fri Jul 29 10:33:59 PDT 2005
a/etc-5.1-noarch-10.tgz: Added scanner group.
a/getty-ps-2.1.0b-i486-1.tgz: Upgraded to getty-ps-2.1.0b. Thanks to
Jan Rafaj for providing additional bugfixes for this package.
a/hotplug-2004_09_23-noarch-4.tgz: Changed firmware directory from
/usr/lib/hotplug/firmware to /lib/firmware.
Thanks to Lior Kadosh, Steve Caster, Lawrence Teo, Piter Punk, and
Vidar Madsen, all of whom reported this.
a/pkgtools-10.2.0-i486-4.tgz: Fixed toggling rc.dnsmasq and rc.saslauthd
in setup.services. Thanks to Eric Hameleers.
kde/koffice-1.4.1-i486-1.tgz: Upgraded to koffice-1.4.1.
kde/kdeaccessibility-3.4.2-i486-1.tgz: Upgraded to KDE 3.4.2.
kde/kdeaddons-3.4.2-i486-1.tgz: Upgraded to KDE 3.4.2.
kde/kdeadmin-3.4.2-i486-1.tgz: Upgraded to KDE 3.4.2.
kde/kdeartwork-3.4.2-i486-2.tgz: Upgraded to KDE 3.4.2.
kde/kdebase-3.4.2-i486-1.tgz: Upgraded to KDE 3.4.2.
kde/kdebindings-3.4.2-i486-1.tgz: Upgraded to KDE 3.4.2.
kde/kdeedu-3.4.2-i486-1.tgz: Upgraded to KDE 3.4.2.
kde/kdegames-3.4.2-i486-1.tgz: Upgraded to KDE 3.4.2.
kde/kdegraphics-3.4.2-i486-1.tgz: Upgraded to KDE 3.4.2.
kde/kdelibs-3.4.2-i486-1.tgz: Upgraded to KDE 3.4.2.
kde/kdemultimedia-3.4.2-i486-1.tgz: Upgraded to KDE 3.4.2.
kde/kdenetwork-3.4.2-i486-1.tgz: Upgraded to KDE 3.4.2.
kde/kdepim-3.4.2-i486-1.tgz: Upgraded to KDE 3.4.2.
kde/kdesdk-3.4.2-i486-1.tgz: Upgraded to KDE 3.4.2.
kde/kdetoys-3.4.2-i486-1.tgz: Upgraded to KDE 3.4.2.
kde/kdeutils-3.4.2-i486-1.tgz: Upgraded to KDE 3.4.2.
kde/kdevelop-3.2.2-i486-1.tgz: Upgraded to KDE 3.4.2.
kde/kdewebdev-3.4.2-i486-1.tgz: Upgraded to KDE 3.4.2.
kdei/kde-i18n-*.tgz: Upgraded to KDE 3.4.2 i18n packages.
kdei/koffice-l10n-*.tgz: Upgraded to KOffice 1.4.1 l10n packages.
l/arts-1.4.2-i486-1.tgz: Upgraded to arts-1.4.2.
l/fribidi-0.10.5-i486-1.tgz: Added fribidi-0.10.5, needed by AbiWord and
KDE.
l/jre-1_5_0_04-i586-1.tgz: Upgraded to Java(TM) 2 Platform Standard Edition
Runtime Environment Version 5.0, Release 4.
n/links-2.1pre17-i486-2.tgz: Recompiled without SDL, which was causing X
libraries to be indirectly linked. Thanks to Kirils Solovjovs.
n/tcpip-0.17-i486-33.tgz: Patched rc.inet1 to make sure that an attempt is
made to bring up the gateway whenever a new interface is loaded by hotplug.
Added support to bring up/down ethernet aliases, like: IFNAME[2]="eth0:1"
(Thanks to Andrey V. Panov for the aliases patch)
Patched two overflows in the telnet client that could allow the execution
of arbitrary code when connected to a malicious telnet server.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0468
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0469
(* Security fix *)
xap/abiword-2.2.9-i486-1.tgz: Upgraded to abiword-2.2.9, which now links
with the new fribidi package. Thanks to Ryan Pavlik for telling me
about the new release, and to the AbiWord team for all the great work.
extra/j2sdk-1.5.0_04/j2sdk-1_5_0_04-i586-1.tgz: Upgraded to Java(TM) 2
Platform Standard Edition Development Kit Version 5.0, Release 4.
+--------------------------+
Tue Jul 26 23:35:18 PDT 2005
ap/vim-6.3.085-i486-1.tgz: Upgraded to patchlevel 85.
d/distcc-2.18.3-i486-2.tgz: Recompiled distccmon-gnome to use only
GTK+ libraries and not GNOME ones.
Thanks to Lasse Collin for suggesting --without-gnome --with-gtk.
d/guile-1.6.7-i486-1.tgz: Upgraded to guile-1.6.7.
n/links-2.1pre17-i486-1.tgz: Upgraded to links-2.1pre17.
n/imapd-4.63-i486-1.tgz: Upgraded to imapd from pine-4.63.
n/netatalk-2.0.3-i486-1.tgz: Upgraded to netatalk-2.0.3.
n/pine-4.63-i486-1.tgz: Upgraded to pine-4.63.
xap/mozilla-1.7.10-i486-2.tgz: Fixed a folder switching bug.
Thanks to Peter Santoro for pointing out the patch.
xap/xvim-6.3.085-i486-1.tgz: Upgraded to patchlevel 85.
+--------------------------+
Mon Jul 25 00:21:30 PDT 2005
n/wireless-tools-27-i486-2.tgz: Build against static libiw.
(Thanks to Lech Szychowski)
+--------------------------+
Sun Jul 24 22:57:27 PDT 2005
n/nail-11.24-i486-1.tgz: Upgraded to nail-11.24.
n/ppp-2.4.3-i486-1.tgz: Upgraded to ppp-2.4.3 and radiusclient-0.3.2.
+--------------------------+
Sun Jul 24 17:50:37 PDT 2005
a/hotplug-2004_09_23-noarch-3.tgz: Modified net.agent to use the new
rc.inet1 syntax (thanks to Eric Hameleers), and added several new
framebuffer modules and the eth1394 module to the blacklist.
a/pkgtools-10.2.0-i486-3.tgz: Added saslauthd and dnsmasq to the services
setup menu.
a/sysvinit-2.84-i486-53.tgz: Added support in /etc/rc.d/rc.M for
starting /etc/rc.d/rc.dnsmasq and /etc/rc.d/rc.saslauthd.
a/udev-064-i486-1.tgz: Upgraded to udev-064. With the help of two new
lines in udev.rules, and a symlink added in /etc/hotplug.d/default that
used to be added by earlier versions of hotplug, udev-064 appears to be
working! Thanks to Piter Punk for the rules and Kris Karas for the link.
l/libxml2-2.6.20-i486-1.tgz: Upgraded to libxml-2.6.20.
n/cyrus-sasl-2.1.21-i486-1.tgz: Upgraded to cyrus-sasl-2.1.21,
added missing /var/state/saslauthd directory and /etc/rc.d/rc.saslauthd
startup script. Thanks to Piter Punk for the help.
n/iproute2-2.6.11_050330-i486-1.tgz: Upgraded to iproute2-2.6.11-050330.
n/lftp-3.2.1-i486-1.tgz: Upgraded to lftp-3.2.1.
n/sendmail-8.13.4-i486-1.tgz: Upgraded to sendmail-8.13.4 compiled with
SASL support. Added a new cf file that supports SASL (this is not the
one installed by default):
/usr/share/sendmail/sendmail-slackware-tls-sasl.cf
Thanks to Joshua Rubin and Piter Punk for the help with SASL support.
n/sendmail-cf-8.13.4-noarch-1.tgz: Upgraded to sendmail-8.13.4, and
added a new sendmail-slackware-tls-sasl.mc config file.
n/tcpip-0.17-i486-32.tgz: Merged in many improvements to rc.inet1
scripts to allow alternate interface names and better networking
support. Thanks to Eric Hameleers for the really great job on this!
When starting rc.portmap for NFS clients, also start rpc.lockd and
rpc.statd, otherwise some Java applications may have problems due to a
lack of locking. Thanks to Dominik L. Borkowski and Piter Punk for
pointing out this issue.
n/wireless-tools-27-i486-1.tgz: Upgraded to wireless_tools.27.
Thanks to Eric Hameleers for the improved rc.wireless scripts.
rootdisks/install.*, rootdisks/network.dsk, rootdisks/pcmcia.dsk:
Fix /dev/urandom device (thanks to Daniel de Kok).
Bumped version number to 10.2.
+--------------------------+
Fri Jul 22 13:54:50 PDT 2005
ap/alsa-utils-1.0.9a-i486-2.tgz: Patched rc.alsa to try to load the OSS
compatibility modules with both 2.4 and 2.6 kernels.
Thanks to Cal Peake for the bug report.
ap/mysql-4.1.13-i486-1.tgz: Upgraded to mysql-4.1.13.
l/zlib-1.2.3-i486-1.tgz: Upgraded to zlib-1.2.3.
This fixes an additional crash not fixed by the patch to zlib-1.2.2.
(* Security fix *)
n/fetchmail-6.2.5.2-i486-1.tgz: Upgraded to fetchmail-6.2.5.2.
This fixes an overflow by which malicious or compromised POP3 servers
may overflow fetchmail's stack.
For more information, see:
http://fetchmail.berlios.de/fetchmail-SA-2005-01.txt
(* Security fix *)
xap/gxine-0.4.6-i486-1.tgz: Upgraded to gxine-0.4.6.
This fixes a format string vulnerability that allows remote attackers to
execute arbitrary code via a ram file with a URL whose hostname contains
format string specifiers.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1692
(* Security fix *)
xap/xlockmore-5.18-i486-1.tgz: Upgraded to xlockmore-5.18.
+--------------------------+
Fri Jul 22 10:33:41 PDT 2005
a/udev-058-i486-2.tgz: Added a line to udev.rules to (hopefully) help
with the ALSA issues:
KERNEL="controlC[0-9]", NAME="snd/%k", MODE="0666"
Now, it would seem to me that the already-existing line:
KERNEL="controlC[0-9]*", NAME="snd/%k", MODE="0666"
...should have already covered this. It works with previous versions
of udev just fine, and this seems to me to be a udev bug. Oh well,
give it a test and let me know if it's still causing any problems, in
which case I'll probably go back to 054 for the Slackware 10.2 release.
I'd rather not spend the next couple of months dorking around with
udev problems and not getting a Slackware release out because of it.
Thanks to Andris Pavenis for the one line udev.rules fix.
ap/groff-1.19.1-i486-2.tgz: Fixed missing gxditview man page.
Thanks to Stuart Winter.
kde/kdenetwork-3.4.1-i486-2.tgz: Patched overflows in libgadu (used by
kopete) that can cause a denial of service or arbitrary code execution.
For more information, see:
http://www.kde.org/info/security/advisory-20050721-1.txt
(* Security fix *)
xap/abiword-2.2.8-i486-1.tgz: Upgraded to abiword-2.2.8.
xap/fluxbox-0.9.13-i486-1.tgz: Upgraded to fluxbox-0.9.13.
xap/jre-symlink-1.0.6-noarch-1.tgz: Upgraded for firefox-1.0.6 and
Mozilla 1.7.10.
xap/mozilla-firefox-1.0.6-i686-1.tgz: Upgraded to firefox-1.0.6.
xap/mozilla-1.7.10-i486-1.tgz: Upgraded to mozilla-1.7.10.
This fixes several security issues. For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#Mozilla
(* Security fix *)
xap/mozilla-thunderbird-1.0.6-i686-1.tgz: Upgraded to thunderbird-1.0.6.
xap/windowmaker-0.92.0-i486-1.tgz: Upgraded to WindowMaker-0.92.0.
testing/packages/php-5.0.4/php-5.0.4-i486-2.tgz: Recompiled against
mysql-4.1.12. Thanks to Tyler McGrath for pointing out this needed
to be done.
+--------------------------+
Wed Jul 20 16:17:08 PDT 2005
a/glibc-solibs-2.3.5-i486-4.tgz: Recompiled, as I forgot that with both
linuxthreads and NPTL versions of glibc that the patch would have to be
applied twice. Thanks again to Dirk van Deun for pointing out my error.
a/glibc-zoneinfo-2.3.5-noarch-4.tgz: Rebuilt.
l/glibc-2.3.5-i486-4.tgz: Recompiled.
l/glibc-i18n-2.3.5-noarch-4.tgz: Rebuilt.
l/glibc-profile-2.3.5-i486-4.tgz: Recompiled.
+--------------------------+
Wed Jul 20 09:59:03 PDT 2005
a/glibc-solibs-2.3.5-i486-3.tgz: Recompiled with a patch to fix logging
in using NIS netgroups. Thanks to Dirk van Deun for the bug report and
patch.
a/glibc-zoneinfo-2.3.5-noarch-3.tgz: Rebuilt.
a/sysvinit-2.84-i486-52.tgz: In /etc/rc.d/rc.S, try to umount
/initrd/proc/ before umounting /initrd/.
a/udev-058-i486-1.tgz: Switched to udev-058, as newer versions still have
problems (these are probably caused by the elimination of the
/etc/hotplug.d/ directory, as this used to contain a link to udevstart).
It was pointed out that udev-062 and udev-063 do create the missing
devices if you run udevstart after boot (and possibly after plugging in
new devices), but udev-058 is working fine without any kludges and seems
to be the most stable version to use with 2.6.12.* kernels. Also, made
a fix in /etc/udev/scripts/make_extra_nodes to set a default LANG before
calling /bin/ls to look for cdrom and dvd devices (not all LANG settings
will produce the same number of fields with ls, which can break cd/dvd
symlinks). Thanks to Lukasz Stelmach for pointing out this bug.
e/emacs-21.4a-i486-1.tgz: Upgraded to emacs-21.4a.
This fixes a vulnerability in the movemail utility when connecting to a
malicious POP server that may allow the execution of arbitrary code as
the user running emacs.
(* Security fix *)
e/emacs-info-21.4a-noarch-1.tgz: Upgraded to emacs-21.4a.
e/emacs-leim-21.4-noarch-1.tgz: Upgraded to leim-21.4.
e/emacs-lisp-21.4a-noarch-1.tgz: Upgraded to emacs-21.4a.
e/emacs-misc-21.4a-noarch-1.tgz: Upgraded to emacs-21.4a.
e/emacs-nox-21.4a-i486-1.tgz: Upgraded to emacs-21.4a.
f/linux-howtos-20050718-noarch-1.tgz: Upgraded to Linux-HOWTOs-20050718.
l/glibc-2.3.5-i486-3.tgz: Recompiled with NIS netgroups patch.
l/glibc-i18n-2.3.5-noarch-3.tgz: Rebuilt.
l/glibc-profile-2.3.5-i486-3.tgz Recompiled with NIS netgroups patch.
n/dnsmasq-2.22-i486-1.tgz: Upgraded to dnsmasq-2.22.
This fixes an off-by-one overflow vulnerability may allow a DHCP
client to create a denial of service condition. Additional code was
also added to detect and defeat attempts to poison the DNS cache.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0876
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0877
(* Security fix *)
n/getmail-4.3.11-noarch-1.tgz: Upgraded to getmail-4.3.11.
kde/koffice-1.4.0b-i486-1.tgz: Upgraded to koffice-1.4.0b.
tcl/expect-5.43.0-i486-1.tgz: Upgraded to expect-5.43.0.
tcl/tcl-8.4.11-i486-1.tgz: Upgraded to tcl-8.4.11.
tcl/tclx-8.3.5-i486-2.tgz: Recompiled.
tcl/tix-8.1.4-i486-2.tgz: Recompiled.
tcl/tk-8.4.11-i486-1.tgz: Upgraded to tk-8.4.11.
xap/xchat-2.4.4-i486-1.tgz: Upgraded to xchat-2.4.4 (and compiled against
the new version of perl. Thanks to Steven E. Woolard for pointing out
that the old xchat package was still depending on the old perl. I've
been known to forget about that one since it doesn't put anything under
/usr/lib/perl/...)
testing/packages/linux-2.6.12.3/alsa-driver-1.0.9b_2.6.12.3-i486-1.tgz:
Recompiled against Linux 2.6.12.3.
testing/packages/linux-2.6.12.3/kernel-generic-2.6.12.3-i486-1.tgz:
Upgraded to Linux 2.6.12.3 generic kernel.
testing/packages/linux-2.6.12.3/kernel-headers-2.6.12.3-i386-1.tgz
Upgraded to Linux 2.6.12.3 kernel headers for x86.
testing/packages/linux-2.6.12.3/kernel-modules-2.6.12.3-i486-1.tgz
Upgraded to Linux 2.6.12.3 kernel modules.
testing/packages/linux-2.6.12.3/kernel-source-2.6.12.3-noarch-1.tgz
Upgraded to Linux 2.6.12.3 kernel source.
+--------------------------+
Fri Jul 15 00:31:30 PDT 2005
testing/packages/gcc-3.4.4/gcc-3.4.4-i486-1.tgz: Upgraded to gcc-3.4.4.
testing/packages/gcc-3.4.4/gcc-g++-3.4.4-i486-1.tgz: Upgraded to gcc-3.4.4.
testing/packages/gcc-3.4.4/gcc-g77-3.4.4-i486-1.tgz: Upgraded to gcc-3.4.4.
testing/packages/gcc-3.4.4/gcc-gnat-3.4.4-i486-1.tgz: Upgraded to gcc-3.4.4.
testing/packages/gcc-3.4.4/gcc-java-3.4.4-i486-1.tgz: Upgraded to gcc-3.4.4.
testing/packages/gcc-3.4.4/gcc-objc-3.4.4-i486-1.tgz: Upgraded to gcc-3.4.4.
+--------------------------+
Thu Jul 14 16:02:40 PDT 2005
a/devs-2.3.1-noarch-22.tgz: Added /dev/ACM* devices.
(Thanks to Manolis Tzanidakis)
a/pkgtools-10.2.0-i486-2.tgz: Merged in Jim Hawkins' fixed speed
optimizations for pkgtool.
a/udev-062-i486-1.tgz: Upgraded to udev-062.
This seems to be broken with regard to ALSA devices... I'd suggest
anyone using a 2.6 kernel "chmod 644 /etc/rc.d/rc.udev" unless you want
to help locate and report bugs. It's also possible that this has
something to do with the ever-changing syntax used in the udev.rules
config file. If you find any problems that can be attributed to that,
fixes would be appreciated. For now, rc.udev will be off by default.
ap/mysql-4.1.12-i486-1.tgz: Upgraded to mysql-4.1.12.
ap/texinfo-4.8-i486-1.tgz: Upgraded to texinfo-4.8.
d/perl-5.8.7-i486-1.tgz: Upgraded to perl-5.8.7, DBD-mysql-3.0002,
and DBI-1.48.
kde/kdebindings-3.4.1-i486-2.tgz: Recompiled against perl-5.8.7 and
j2sdk-1_5_0_03.
kde/koffice-1.4.0a-i486-2.tgz: Recompiled against mysql-4.1.12.
kde/qt-3.3.4-i486-2.tgz: Recompiled against mysql-4.1.12.
n/bitchx-1.1-i486-2.tgz: Recompiled against mysql-4.1.12.
n/irssi-0.8.9-i486-7.tgz: Recompiled against perl-5.8.7.
n/php-4.4.0-i486-2.tgz: Recompiled against mysql-4.1.12.
n/popa3d-1.0-i486-1.tgz: Upgraded to popa3d-1.0.
n/tcpdump-3.9.3-i486-1.tgz: Upgraded to libpcap-0.9.3 and tcpdump-3.9.3.
This fixes an issue where an invalid BGP packet can cause tcpdump to
go into an infinate loop, effectively disabling network monitoring.
(* Security fix *)
n/vsftpd-2.0.3-i486-1.tgz: Upgraded to vsftpd-2.0.3.
x/x11-6.8.2-i486-2.tgz: Reverted to the 6.8.1 version of the ATI Rage128
DRI module, as there's an undefined symbol in the newer version that
prevents it from loading and breaks direct rendering for these cards.
This bug has been reported on the freedesktop,org site but appears to
have been closed without a fix...
To observe the problem, on a system with a Rage128 card and DRI
configured, use this command: LIBGL_DEBUG=verbose glxinfo
(Thanks to Andrey V. Panov for the bug report)
xap/gaim-1.4.0-i486-1.tgz: Upgraded to gaim-1.4.0.
xap/imagemagick-6.2.3_3-i486-1.tgz: Upgraded to ImageMagick-6.2.3-3.
xap/jre-symlink-1.0.5-noarch-1.tgz: Upgraded for firefox-1.0.5.
xap/mozilla-firefox-1.0.5-i686-1.tgz: Upgraded to mozilla-firefox-1.0.5.
This fixes several security issues. For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#Firefox
(* Security fix *)
xap/mozilla-thunderbird-1.0.5-i686-1.tgz: Upgraded to thunderbird-1.0.5.
This fixes several security issues. For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird1.0.5
(* Security fix *)
xap/xscreensaver-4.22-i486-2.tgz: Fixed location of man pages.
(Thanks to Alak Trakru)
xap/xv-3.10a-i486-4.tgz: Upgraded to the latest XV jumbo patches,
xv-3.10a-jumbo-fix-patch-20050410 and xv-3.10a-jumbo-enh-patch-20050501.
These fix a number of format string and other possible security issues in
addition to providing many other bugfixes and enhancements.
(Thanks to Greg Roelofs)
(* Security fix *)
testing/packages/linux-2.6.12.2/alsa-driver-1.0.9b_2.6.12.2-i486-1.tgz:
Recompiled for Linux 2.6.12.2.
testing/packages/linux-2.6.12.2/kernel-generic-2.6.12.2-i486-1.tgz
Upgraded to Linux 2.6.12.2 generic kernel (added loopback).
testing/packages/linux-2.6.12.2/kernel-headers-2.6.12.2-i386-1.tgz
Upgraded to Linux 2.6.12.2 kernel headers.
testing/packages/linux-2.6.12.2/kernel-modules-2.6.12.2-i486-1.tgz
Upgraded to Linux 2.6.12.2 kernel modules.
testing/packages/linux-2.6.12.2/kernel-source-2.6.12.2-noarch-1.tgz
Upgraded to Linux 2.6.12.2 kernel sources.
bootdisks/*: Regenerated bootdisks with "Slackware 10.2" label.
extra/bittorrent/bittorrent-4.1.3-noarch-1.tgz: Upgraded to bittorrent-4.1.3.
extra/slackpkg/slackpkg-1.4.1-noarch-5.tgz: Upgraded to
slackpkg-1.4.1-noarch-5. (Thanks to Piter Punk)
extra/slacktrack/slacktrack-1.25-i486-1.tgz: Upgraded to slacktrack-1.25_1.
(Thanks to Stuart Winter)
+--------------------------+
Mon Jul 11 15:06:22 PDT 2005
n/php-4.4.0-i486-1.tgz: Upgraded to php-4.4.0.
This new PHP package fixes a PEAR XML_RPC vulnerability. Sites that use
this PEAR class should upgrade to the new PHP package, or as a minimal
fix may instead upgrade the XML_RPC PEAR class with the following command:
pear upgrade XML_RPC
(* Security fix *)
+--------------------------+
Sun Jul 10 22:33:04 PDT 2005
a/pkgtools-10.2.0-i486-1.tgz: In xorgsetup, don't load the freetype module
twice in the outputted xorg.conf file. Also, fix the formatting of the
xorg.conf file. Thanks to Jonathan Woithe for the fixes!
d/gcc-3.3.6-i486-1.tgz: Upgraded to gcc-3.3.6.
d/gcc-g++-3.3.6-i486-1.tgz: Upgraded to gcc-3.3.6.
d/gcc-g77-3.3.6-i486-1.tgz: Upgraded to gcc-3.3.6.
d/gcc-gnat-3.3.6-i486-1.tgz: Upgraded to gcc-3.3.6.
d/gcc-java-3.3.6-i486-1.tgz: Upgraded to gcc-3.3.6.
d/gcc-objc-3.3.6-i486-1.tgz: Upgraded to gcc-3.3.6.
kde/kdeartwork-3.4.1-i486-2.tgz: Patched to fix using screensavers from
xscreensaver >= 4.21. Thanks to Chris Linnet for the fix!
l/libtiff-3.7.3-i486-1.tgz: Upgraded to libtiff-3.7.3.
n/iptables-1.3.2-i486-1.tgz: Upgraded to iptables-1.3.2.
n/rsync-2.6.5-i486-1.tgz: Upgraded to rsync-2.6.5.
tcl/hfsutils-3.2.6-i486-3.tgz: Patched to include , and recompiled
to fix problems on systems using NPTL. Thanks to Dominik L. Borkowski for
pointing out the issue.
xap/gkrellm-2.2.7-i486-1.tgz: Upgraded to gkrellm-2.2.7.
xap/xscreensaver-4.22-i486-1.tgz: Upgraded to xscreensaver-4.22.
+--------------------------+
Fri Jul 8 13:44:53 PDT 2005
l/gnet-2.0.7-i486-3.tgz: Fixed a missing '\' in the ./configure part
of the build that was causing the --prefix to be ignored (and which
I'd formulated an unnecessary patch to work around). Thanks to orlan.
l/libexif-0.6.12-i486-2.tgz: Included a patch from CVS to fix loading
of JPEGs from certain digital cameras in GIMP. This fix has been in
CVS for months, and many people have pointed it out here. Sorry about
the delay in fixing it, but I thought for sure upstream would have
issued a new release by now (long ago, really.)
l/zlib-1.2.2-i486-2.tgz: Patched an overflow in zlib that could cause
applications using zlib to crash. The overflow does not involve user
supplied data, and therefore does not allow the execution of arbitrary
code. However, it could still be used by a remote attacker to create
a denial of service.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2096
(* Security fix *)
xap/gimp-2.2.8-i486-1.tgz: Upgraded to gimp-2.2.8.
+--------------------------+
Thu Jun 23 16:06:53 PDT 2005
ap/groff-1.19.1-i486-1.tgz: Upgraded to groff-1.19.1.
I'd been putting this off upgrade off because of problems caused by
newer groff versions defaulting to ANSI color output, but found a patch
for man.local and mdoc.local that makes man pages render without color
by default. Hopefully this new groff version won't contain any other
surprises, but I think that was the big one...
ap/man-1.5p-i486-1.tgz: Upgraded to man-1.5p.
ap/vim-6.3.078-i486-1.tgz: Upgraded to patchlevel 78.
kde/koffice-1.4.0a-i486-1.tgz: Upgraded to koffice-1.4.0a.
(This requires the new libgsf and libwpd packages)
kdei/koffice-l10n-*.tgz: Upgraded to new KOffice translation packages.
l/libgsf-1.12.1-i486-1.tgz: Upgraded to libgsf-1.12.1.
l/libwpd-0.8.2-i486-1.tgz: Added libwpd-0.8.2 (needed by KWord).
n/wget-1.10-i486-1.tgz: Upgraded to wget-1.10.
xap/xvim-6.3.078-i486-1.tgz: Upgraded to patchlevel 78.
+--------------------------+
Tue Jun 21 21:56:16 PDT 2005
ap/sudo-1.6.8p9-i486-1.tgz: Upgraded to sudo-1.6.8p9.
This new version of Sudo fixes a race condition in command pathname handling
that could allow a user with Sudo privileges to run arbitrary commands.
For full details, see the Sudo site:
http://www.courtesan.com/sudo/alerts/path_race.html
(* Security fix *)
l/gtk+2-2.6.8-i486-1.tgz: Upgraded to gtk+-2.6.8.
Fixed /etc/gtk-2.0/gdk-pixbuf.loaders to list the SVG loader (svg_loader.so).
(Thanks very much to Alastair Poole for noticing that XFCE was not loading
SVG icons correctly, figuring out the problem, and sending in a fix)
+--------------------------+
Sun Jun 19 21:45:07 PDT 2005
l/jre-1_5_0_03-i586-1.tgz: This already-issued package fixes some
recently announced security issues that could allow applets to read
or write to local files. See:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101748-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101749-1
(* Security fix *)
extra/j2sdk-1.5.0_03/j2sdk-1_5_0_03-i586-1.tgz: Fixed the slack-desc
to not include the release version to prevent future mishaps.
This already-issued package fixes some recently announced security
issues that could allow applets to read or write to local files.
See:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101748-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101749-1
(* Security fix *)
+--------------------------+
Tue Jun 14 18:40:39 PDT 2005
ap/flac-1.1.2-i486-2.tgz: Patched the XMMS plugin.
(thanks to Wim Speekenbrink for the patch)
l/glib2-2.6.5-i486-1.tgz: Upgraded to glib-2.6.5.
extra/k3b/k3b-0.12-i486-1.tgz: Upgraded to k3b-0.12.
extra/k3b/k3b-i18n-0.12-noarch-1.tgz: Upgraded to k3b-i18n-0.12.
+--------------------------+
Sun Jun 12 21:48:25 PDT 2005
a/bzip2-1.0.3-i486-1.tgz: Upgraded to bzip2-1.0.3.
a/openssl-solibs-0.9.7g-i486-1.tgz: Upgraded to openssl-0.9.7g libraries.
a/tcsh-6.14.00-i486-1.tgz: Upgraded to tcsh-6.14.00.
ap/espgs-8.15rc3-i486-1.tgz: Upgraded to espgs-8.15rc3, which should fix
problems with PNG and PDF while we wait for a final release on this one.
ap/flac-1.1.2-i486-1.tgz: Upgraded to flac-1.1.2. Note that the library
versions for FLAC have changed, so anything using the FLAC libraries
will need to be recompiled. If I've missed anything, let me know.
ap/vorbis-tools-1.0.1-i486-4.tgz: Recompiled against new Ogg/FLAC libraries.
d/doxygen-1.4.3-i486-1.tgz: Upgraded to doxygen-1.4.3.
kde/kdeaccessibility-3.4.1-i486-1.tgz: Upgraded to kdeaccessibility-3.4.1.
kde/kdeaddons-3.4.1-i486-1.tgz: Upgraded to kdeaddons-3.4.1.
kde/kdeadmin-3.4.1-i486-1.tgz: Upgraded to kdeadmin-3.4.1.
kde/kdeartwork-3.4.1-i486-1.tgz: Upgraded to kdeartwork-3.4.1.
kde/kdebase-3.4.1-i486-1.tgz: Upgraded to kdebase-3.4.1.
kde/kdebindings-3.4.1-i486-1.tgz: Upgraded to kdebindings-3.4.1.
kde/kdeedu-3.4.1-i486-1.tgz: Upgraded to kdeedu-3.4.1.
kde/kdegames-3.4.1-i486-1.tgz: Upgraded to kdegames-3.4.1.
kde/kdegraphics-3.4.1-i486-1.tgz: Upgraded to kdegraphics-3.4.1.
kde/kdelibs-3.4.1-i486-1.tgz: Upgraded to kdelibs-3.4.1.
kde/kdemultimedia-3.4.1-i486-1.tgz: Upgraded to kdemultimedia-3.4.1.
kde/kdenetwork-3.4.1-i486-1.tgz: Upgraded to kdenetwork-3.4.1.
kde/kdepim-3.4.1-i486-1.tgz: Upgraded to kdepim-3.4.1.
kde/kdesdk-3.4.1-i486-1.tgz: Upgraded to kdesdk-3.4.1.
kde/kdetoys-3.4.1-i486-1.tgz: Upgraded to kdetoys-3.4.1.
kde/kdeutils-3.4.1-i486-1.tgz: Upgraded to kdeutils-3.4.1.
kde/kdevelop-3.2.1-i486-1.tgz: Upgraded to kdevelop-3.2.1.
kde/kdewebdev-3.4.1-i486-1.tgz: Upgraded to kdewebdev-3.4.1.
kdei/kde-i18n-*-3.4.1-noarch-1.tgz: Upgraded to KDE 3.4.1 i18n packages.
l/arts-1.4.1-i486-1.tgz: Upgraded to arts-1.4.1.
l/aspell-0.60.2-i486-1.tgz: Upgraded to aspell-0.60.2.
Moved aspell data files into /usr/lib/aspell where most things look for them
rather than the default of /usr/lib/aspell-.
l/aspell-en-6.0_0-noarch-3.tgz: Moved data files into /usr/lib/aspell.
l/gnet-2.0.7-i486-2.tgz: Patched ./configure to not put the package
into /usr/local. Thanks to orlan for pointing out the problem.
l/jre-1_5_0_03-i586-1.tgz: Upgraded to Java(TM) 2 Platform Standard Edition
Runtime Environment Version 5.0, Release 3.
l/libao-0.8.6-i486-1.tgz: Upgraded to libao-0.8.6.
l/libogg-1.1.2-i486-1.tgz: Upgraded to libogg-1.1.2.
l/libvorbis-1.1.0-i486-1.tgz: Upgraded to libvorbis-1.1.0.
n/openssh-4.1p1-i486-1.tgz: Upgraded to openssh-4.1p1.
n/openssl-0.9.7g-i486-1.tgz: Upgraded to openssl-0.9.7g.
xap/gaim-1.3.1-i486-1.tgz: Upgraded to gaim-1.3.1 and gaim-encryption-2.38.
This fixes a couple of remote crash bugs, so users of the MSN and
Yahoo! chat protocols should upgrade to gaim-1.3.1.
(* Security fix *)
xap/gimp-2.2.7-i486-1.tgz: Upgraded to gimp-2.2.7.
xap/gimp-help-2-0.8-noarch-1.tgz: Upgraded to gimp-help-2-0.8.
xap/imagemagick-6.2.3_0-i486-1.tgz: Upgraded to ImageMagick-6.2.3-0.
xap/xine-lib-1.0.1-i686-2.tgz: Recompiled against new Ogg/FLAC libraries.
extra/aspell-word-lists: Updated and added several dictionaries, and moved
all data files from /usr/lib/aspell-0.60 to /usr/lib/aspell.
extra/j2sdk-1.5.0_03/j2sdk-1_5_0_03-i586-1.tgz: Upgraded to Java(TM) 2
Platform Standard Edition Development Kit Version 5.0, Release 3.
+--------------------------+
Wed Jun 8 22:25:08 PDT 2005
ap/alsa-utils-1.0.9a-i486-1.tgz: Upgraded to alsa-utils-1.0.9a.
l/alsa-driver-1.0.9b_2.4.31-i486-1.tgz: Upgraded to alsa-driver-1.0.9b,
which works great with both 2.4 and 2.6 kernels.
Big thanks to the ALSA developers for the quick fix!
l/alsa-lib-1.0.9-i486-1.tgz: Upgraded to alsa-lib-1.0.9.
l/alsa-oss-1.0.9-i486-1.tgz: Upgraded to alsa-oss-1.0.9.
l/gnet-2.0.7-i486-1.tgz: Upgraded to gnet-2.0.7.
l/lcms-1.14-i486-1.tgz: Upgraded to lcms-1.14.
l/lesstif-0.94.4-i486-1.tgz: Upgraded to lesstif-0.94.4.
l/libexif-0.6.12-i486-1.tgz: Upgraded to libexif-0.6.12.
l/libgsf-1.12.0-i486-1.tgz: Upgraded to libgsf-1.12.0.
l/libidn-0.5.17-i486-1.tgz: Upgraded to libidn-0.5.17.
l/libieee1284-0.2.10-i486-1.tgz: Upgraded to libieee1284-0.2.10.
l/libtiff-3.7.2-i486-1.tgz: Upgraded to tiff-3.7.2.
l/libungif-4.1.3-i486-1.tgz: Upgraded to libungif-4.1.3.
l/libwmf-0.2.8.3-i486-1.tgz: Upgraded to libwmf-0.2.8.3.
l/libwmf-docs-0.2.8.3-noarch-1.tgz: Upgraded to libwmf-0.2.8.3 docs.
l/mhash-0.9.2-i486-1.tgz: Upgraded to mhash-0.9.2.
n/samba-3.0.14a-i486-1.tgz: Upgraded to samba-3.0.14a.
extra/linux-wlan-ng/linux-wlan-ng-0.2.1pre25_2.4.31-i486-1.tgz:
Recompiled for Linux 2.4.31.
extra/linux-wlan-ng/linux-wlan-ng-0.2.1pre25_2.6.11.11-i486-1.tgz
Recompiled for Linux 2.6.11.11.
testing/packages/linux-2.6.11.11/alsa-driver-1.0.9b_2.6.11.11-i486-1.tgz:
Upgraded to alsa-driver-1.0.9b (compiled for Linux 2.6.11.11).
+--------------------------+
Mon Jun 6 20:23:40 PDT 2005
a/kernel-ide-2.4.31-i486-1.tgz: Upgraded to Linux 2.4.31.
a/kernel-modules-2.4.31-i486-1.tgz: Upgraded to Linux 2.4.31 kernel modules.
d/kernel-headers-2.4.31-i386-1.tgz:
Upgraded to kernel headers from Linux 2.4.31.
k/kernel-source-2.4.31-noarch-1.tgz: Upgraded to Linux 2.4.31.
l/alsa-driver-1.0.8_2.4.31-i486-1.tgz: Recompiled for Linux 2.4.31.
alsa-driver-1.0.9a was tested, but attempting to load snd.o produces some
unresolved symbol errors (class_device_destroy and class_device_create).
Seems that the new version of ALSA requires some new features of the 2.6.x
kernel series. ALSA 1.0.8 works with both 2.4.x and 2.6.x kernels, so for
the time being ALSA will stay at 1.0.8. It would be nice to see these
features backported in an official 2.4.32 kernel, or an alsa-driver-1.0.9b
release that can work with either kernel branch...
bootdisks/*: Upgraded to Linux 2.4.31 bootdisks.
kernels/*: Upgraded to Linux 2.4.31 kernels.
isolinux/initrd.img, isolinux/network.dsk, isolinux/pcmcia.dsk,
rootdisks/install.*, rootdisks/network.dsk, rootdisks/pcmcia.dsk:
Updated kernel modules to 2.4.31.
testing/packages/linux-2.6.11.11/alsa-driver-1.0.8_2.6.11.11-i486-1.tgz:
Recompiled for Linux 2.6.11.11.
testing/packages/linux-2.6.11.11/kernel-generic-2.6.11.11-i486-1.tgz
Upgraded to Linux 2.6.11.11.
testing/packages/linux-2.6.11.11/kernel-headers-2.6.11.11-i386-1.tgz
Upgraded to kernel headers from Linux 2.6.11.11.
testing/packages/linux-2.6.11.11/kernel-modules-2.6.11.11-i486-1.tgz
Upgraded to kernel modules for Linux 2.6.11.11.
testing/packages/linux-2.6.11.11/kernel-source-2.6.11.11-noarch-1.tgz
Upgraded to kernel source for Linux 2.6.11.11.
+--------------------------+
Tue May 17 17:51:29 PDT 2005
xap/xfce-4.2.2-i486-1.tgz: Upgraded to xfce-4.2.2.
+--------------------------+
Mon May 16 15:27:24 PDT 2005
a/glibc-solibs-2.3.5-i486-2.tgz: Recompiled including a patch found
in Debian's glibc sources that fixes an issue with TLS that breaks
X and XMMS on machines that use nVidia's X drivers. This might
also be found in glibc CVS by now, but I'm not sure about that. In
any case, if you had problems before and you're using nVidia's
drivers, this should fix it. Also, I heard a few reports of trouble
with Firefox not working with NPTL -- maybe this will also fix that?
a/glibc-zoneinfo-2.3.5-noarch-2.tgz: Rebuilt.
l/glibc-2.3.5-i486-2.tgz: Recompiled with TLS fix.
l/glibc-i18n-2.3.5-noarch-2.tgz: Rebuilt.
l/glibc-profile-2.3.5-i486-2.tgz: Recompiled with TLS fix.
+--------------------------+
Sun May 15 20:12:03 PDT 2005
n/ncftp-3.1.9-i486-1.tgz: Upgraded to ncftp-3.1.9.
This corrects a vulnerability where a download from a hostile FTP
server might be written to an unintended location potentially
compromising system security or causing a denial of service.
For more details, see:
http://www.ncftp.com/ncftp/doc/changelog.html#3.1.5
(* Security fix *)
xap/jre-symlink-1.0.4-noarch-1.tgz: Upgraded Java(TM) symlink for new
versions of Mozilla Firefox and the Mozilla Suite.
xap/mozilla-1.7.8-i486-1.tgz: Upgraded to mozilla-1.7.8.
Two vulnerabilities found in Mozilla Firefox 1.0.3 when combined allow
an attacker to run arbitrary code. The Mozilla Suite version 1.7.7
is only partially vulnerable. For more details, see:
http://www.mozilla.org/security/announce/mfsa2005-42.html
(* Security fix *)
xap/mozilla-firefox-1.0.4-i686-1.tgz: Upgraded to firefox-1.0.4.
Two vulnerabilities found in Mozilla Firefox 1.0.3 when combined allow
an attacker to run arbitrary code. For more details, see:
http://www.mozilla.org/security/announce/mfsa2005-42.html
(* Security fix *)
+--------------------------+
Fri May 13 12:51:03 PDT 2005
Here's the (I'm sure) long awaited upgrade to Slackware's glibc to
include support for NPTL (the Native POSIX Thread Library). NPTL
works with newer kernels (meaning 2.6.x, or a 2.4 kernel that is
patched to support NPTL, but not an unmodified "vanilla" 2.4 kernel
such as Slackware uses) to provide improved performance for threads.
This difference can be quite dramatic in some situations. For example,
a benchmark test mentioned on Wikipedia started 100,000 threads
simultaneously in about 2 seconds on a system using NPTL. The same
test using the old Linuxthreads glibc thread support took around 15
minutes to run! For most applications that do not start large numbers
of threads the difference will not be so large, but for high traffic
servers, databases, or anything that runs large numbers of threads,
NPTL should bring big improvements in scalability and performance.
For compatibility, the regular (linuxthreads) libraries are installed
in /lib, and the new NPTL versions are installed in /lib/tls. Which
versions are used depends on the kernel you're using. If it's newer
than 2.6.4, then the NPTL libraries in /lib/tls will be used. TLS
stands for "thread-local storage", and the directory name /lib/tls is
a little bit misleading since now both the linuxthreads and NPTL
versions of glibc are compiled with TLS support included (this is
needed to produce versions of tools such as ldconfig that can run under
either kind of system).

Getting all the kinks out of the build script to be able to get this to
work with either 2.4 or 2.6 kernels and be able to switch back and forth
without issues was quite a challenge, to say the least, and would have
been much harder without all the good advice and help folks sent in to
help me along and give me important hints. A special thanks goes to
Chad Corkrum for sending in some ./configure options that really helped
get the ball rolling here.

Here's some information about compiling things using these libraries --
by default, if you compile something the headers and shared libraries
used to compile and link the binary will be the linuxthreads versions,
but when you go to run the binary it will link to the NPTL library
versions (and you'll get the NPTL speed improvements) if you are running
an NPTL capable kernel. In rare cases you may find that an old binary
doesn't work right when run against the NPTL libs, and in this case you
can force it to run against the linuxthreads versions by setting the
LD_ASSUME_KERNEL variable to assume the use of a 2.4.x (non-NPTL) kernel
so that NPTL will not be used. An easy way to see the effect of this is
to try something like the following while using an NPTL enabled kernel:

As you can see, now the binary is running against the linuxthreads
version of glibc in /lib. If you find old things that won't work with
NPTL (which should be rare), this is the method you'll want to use to
work around it.

Now for a little note about compiling things. In most cases it will be
just fine to compile against linuxthreads and run against NPTL, and this
approach will produce the most flexible binaries (ones that will run
against either linuxthreads or NPTL.) However, in some cases you might
want to use some of the new functions that are only available in NPTL,
and to do that you'll need to use the NPTL versions of pthread.h and
other headers that are different and link against the NPTL versions of
the glibc libraries. To do this you'll need to add these compile flags
to your build in an appropriate spot:

a/glibc-solibs-2.3.5-i486-1.tgz: Upgraded to glibc-2.3.5 shared libs.
a/glibc-zoneinfo-2.3.5-noarch-1.tgz: Upgraded to time zone files from
glibc-2.3.5.
l/glibc-2.3.5-i486-1.tgz: Upgraded to glibc-2.3.5.
l/glibc-i18n-2.3.5-noarch-1.tgz: Upgraded to glibc-2.3.5 i18n files.
l/glibc-profile-2.3.5-i486-1.tgz: Upgraded to glibc-2.3.5 profile libs.
xap/gaim-1.3.0-i486-1.tgz: Upgraded to gaim-1.3.0. This fixes a few
bugs which could be used by a remote attacker to annoy a GAIM user by
crashing GAIM and creating a denial of service.
(* Security fix *)
extra/linux-wlan-ng/linux-wlan-ng-0.2.1pre25_2.6.11.9-i486-1.tgz:
Recompiled linux-wlan-ng-0.2.1pre25 for Linux 2.6.11.9.
testing/packages/linux-2.6.11.9/alsa-driver-1.0.8_2.6.11.9-i486-1.tgz:
Recompiled for Linux 2.6.11.9.
testing/packages/linux-2.6.11.9/kernel-generic-2.6.11.9-i486-1.tgz:
Upgraded to Linux 2.6.11.9. Note that as far as these so-called
"sucker" kernels go, I won't be intending to follow every one that's
released, but I figure I might as well upgrade _occasionallly_, as
there's no reason to be testing for bugs that are already well-known.
Anyway, I guess my point here is that when 2.6.11.10 comes out (if it's
not out already , I won't need everyone to be sending me email saying
"new kernel! new kernel!". If, on the other hand, you are personally
affected by a kernel bug that's fixed by a new kernel in this series
feel free to let me know about it. Thanks!
testing/packages/linux-2.6.11.9/kernel-headers-2.6.11.9-i386-1.tgz:
Upgraded to kernel headers from Linux 2.6.11.9.
testing/packages/linux-2.6.11.9/kernel-modules-2.6.11.9-i486-1.tgz:
Upgraded to kernel modules for Linux 2.6.11.9.
testing/packages/linux-2.6.11.9/kernel-source-2.6.11.9-noarch-1.tgz:
Upgraded to kernel source for Linux 2.6.11.9.
+--------------------------+
Sun May 1 22:10:17 PDT 2005
a/hdparm-6.1-i486-1.tgz: Upgraded to hdparm-6.1.
a/kernel-ide-2.4.30-i486-1.tgz: Upgraded to Linux 2.4.30.
a/kernel-modules-2.4.30-i486-1.tgz: Upgraded to Linux 2.4.30 kernel modules.
d/kernel-headers-2.4.30-i386-1.tgz: Upgraded kernel headers from 2.4.30 kernel.
k/kernel-source-2.4.30-noarch-1.tgz: Upgraded to Linux 2.4.30 kernel source.
l/alsa-driver-1.0.8_2.4.30-i486-1.tgz: Recompiled for Linux 2.4.30.
l/gmp-4.1.4-i486-2.tgz: Recompiled with --enable-mpfr.
l/libgtkhtml-2.6.3-i486-1.tgz: Added libgtkhtml-2.6.3 (needed for GIMP's
help browser plugin).
l/librsvg-2.8.1-i486-1.tgz: Added librsvg-2.8.1 (needed for GIMP's SVG
support plugin).
n/bind-9.3.1-i486-1.tgz: Upgraded to bind-9.3.1.
n/getmail-4.3.7-noarch-1.tgz: Upgraded to getmail-4.3.7.
xap/gimp-2.2.6-i486-2.tgz: Rebuilt to include SVG and help browser plugins.
xap/gimp-help-2-0.7-noarch-1.tgz: Added help files for the GIMP image editor.
xap/gxine-0.4.4-i486-1.tgz: Upgraded to gxine-0.4.4.
xap/jre-symlink-1.0.3-noarch-2.tgz: Make sure the directories for the symlinks
are there. (thanks to Eric Le Bras for the bug report)
xap/xine-lib-1.0.1-i686-1.tgz: Upgraded to xine-lib-1.0.1.
This fixes some bugs in the MMS and Real RTSP streaming client code.
While the odds of this vulnerability being usable to a remote attacker are
low (but see the xine advisory), if you stream media from sites using these
protocols (and you think the sites might be "hostile" and will try to hack
into your xine client), then you might want to upgrade to this new version
of xine-lib. Probably the other fixes and enchancements in xine-lib-1.0.1
are a better rationale to do so, though.
For more details on the xine-lib security issues, see:
http://xinehq.de/index.php/security/XSA-2004-8
(* Security fix *)
bootdisks/*: Upgraded to Linux 2.4.30 bootdisks.
extra/linux-wlan-ng/linux-wlan-ng-0.2.1pre25_2.4.30-i486-1.tgz:
Recompiled linux-wlan-ng-0.2.1pre25 for Linux 2.4.30.
kernels/*: Upgraded to Linux 2.4.30 kernels.
isolinux/initrd.img, isolinux/network.dsk, isolinux/pcmcia.dsk,
rootdisks/install.*, rootdisks/network.dsk, rootdisks/pcmcia.dsk:
Updated kernel modules to 2.4.30.
+--------------------------+
Thu Apr 21 14:26:29 PDT 2005
d/binutils-2.15.92.0.2-i486-3.tgz: Upgraded to ksymoops-2.4.11.
d/cvs-1.11.20-i486-1.tgz: Upgraded to cvs-1.11.20.
From cvshome.org: "This version fixes many minor security issues in the
CVS server executable including a potentially serious buffer overflow
vulnerability with no known exploit. We recommend this upgrade for all CVS
servers!"
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0753
(* Security fix *)
d/python-2.4.1-i486-1.tgz: Upgraded to python-2.4.1.
From the python.org site: "The Python development team has discovered a flaw
in the SimpleXMLRPCServer library module which can give remote attackers
access to internals of the registered object or its module or possibly other
modules. The flaw only affects Python XML-RPC servers that use the
register_instance() method to register an object without a _dispatch()
method. Servers using only register_function() are not affected."
For more details, see:
http://python.org/security/PSF-2005-001/
(* Security fix *)
d/python-demo-2.4.1-noarch-1.tgz: Upgraded to python-2.4.1 demos.
d/python-tools-2.4.1-noarch-1.tgz: Upgraded to python-2.4.1 tools.
kde/kdebase-3.4.0-i486-2.tgz: Recompiled to link with Cyrus SASL.
kde/kdepim-3.4.0-i486-2.tgz: Recompiled to link with Cyrus SASL.
l/glib2-2.6.4-i486-1.tgz: Upgraded to glib-2.6.4.
l/gtk+2-2.6.7-i486-1.tgz: Upgraded to gtk+-2.6.7.
l/libxml2-2.6.19-i486-1.tgz: Upgraded to libxml2-2.6.19.
l/libxslt-1.1.14-i486-1.tgz: Upgraded to libxslt-1.1.14.
n/cyrus-sasl-2.1.20-i486-1.tgz: Added Cyrus SASL library (for Kmail).
xap/gaim-1.2.1-i486-1.tgz: Upgraded to gaim-1.2.1.
According to gaim.sf.net, this fixes a few denial-of-service flaws.
(* Security fix *)
xap/gimp-2.2.6-i486-1.tgz: Upgraded to gimp-2.2.6.
xap/jre-symlink-1.0.3-noarch-1.tgz: Upgraded Java(TM) symlink for Mozilla
Firefox and added an additional link for the Mozilla Suite.
xap/mozilla-1.7.7-i486-1.tgz: Upgraded to mozilla-1.7.7.
This fixes some security issues. For complete details, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html
(* Security fix *)
xap/mozilla-firefox-1.0.3-i686-1.tgz: Upgraded to firefox-1.0.3.
From the mozilla.org site: "Firefox 1.0.3 is a security update that is
part of our ongoing program to provide a safe Internet experience for our
customers. We recommend that all users upgrade to this latest version."
For complete details, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html
(* Security fix *)
xap/xscreensaver-4.21-i486-2.tgz: Patched to fix setgid shadow.
+--------------------------+
Tue Apr 5 12:52:00 PDT 2005
n/php-4.3.11-i486-1.tgz: Upgraded to php-4.3.11.
"This is a maintenance release that in addition to over 70 non-critical bug
fixes addresses several security issues inside the exif and fbsql extensions
as well as the unserialize(), swf_definepoly() and getimagesize() functions."
(* Security fix *)
testing/packages/php-5.0.4/php-5.0.4-i486-1.tgz: Upgraded to php-5.0.4.
Fixes various bugs (and security issues.)
(* Security fix *)
+--------------------------+
Sat Mar 26 23:04:41 PST 2005
a/hotplug-2004_09_23-noarch-2.tgz: Blacklisted a few more modules:
snd-atiixp-modem, snd-intel8x0m, snd-via82xx-modem, and intelfb.
Thanks to Tomas Matejicek, Piter PUNK, and Tobias Svensson for reporting
the problems with hotplug auto-loading these (in the rare event that your
machine actually needs them, they can be manually loaded somewhere else
in the boot scripts, such as rc.modules.)
a/infozip-5.52-i486-1.tgz: Upgraded to unzip-5.52 and zip-2.31.
a/gettext-0.14.3-i486-1.tgz: Upgraded to gettext-0.14.3.
ap/mysql-4.0.24-i486-1.tgz: Upgraded to mysql-4.0.24.
d/automake-1.9.5-noarch-1.tgz: Upgraded to automake-1.9.5.
d/gettext-tools-0.14.3-i486-1.tgz: Upgraded to gettext-0.14.3.
d/libtool-1.5.14-i486-1.tgz: Upgraded to libtool-1.5.14.
gnome/*: Removed from -current, and turned over to community support and
distribution. I'm not going to rehash all the reasons behind this, but it's
been under consideration for more than four years. There are already good
projects in place to provide Slackware GNOME for those who want it, and
these are more complete than what Slackware has shipped in the past. So, if
you're looking for GNOME for Slackware -current, I would recommend looking at
these two projects for well-built packages that follow a policy of minimal
interference with the base Slackware system:

http://gsb.sf.net
http://gware.sf.net

There is also Dropline, of course, which is quite popular. However, due to
their policy of adding PAM and replacing large system packages (like the
entire X11 system) with their own versions, I can't give quite the same sort
of nod to Dropline. Nevertheless, it remains another choice, and it's _your_
system, so I will also mention their project:

http://www.dropline.net/gnome/

Please do not incorrectly interpret any of this as a slight against GNOME
itself, which (although it does usually need to be fixed and polished beyond
the way it ships from upstream more so than, say, KDE or XFce) is a decent
desktop choice. So are a lot of others, but Slackware does not need to ship
every choice. GNOME is and always has been a moving target (even the
"stable" releases usually aren't quite ready yet) that really does demand a
team to keep up on all the changes (many of which are not always well
documented). I fully expect that this move will improve the quality of both
Slackware itself, and the quality (and quantity) of the GNOME options
available for it.

Folks, this is how open source is supposed to work. Enjoy.

kde/kdeaccessibility-3.4.0-i486-1.tgz: Upgraded to kdeaccessibility-3.4.0.
kde/kdeaddons-3.4.0-i486-1.tgz: Upgraded to kdeaddons-3.4.0.
kde/kdeadmin-3.4.0-i486-1.tgz: Upgraded to kdeadmin-3.4.0.
kde/kdeartwork-3.4.0-i486-1.tgz: Upgraded to kdeartwork-3.4.0.
kde/kdebase-3.4.0-i486-1.tgz: Upgraded to kdebase-3.4.0.
kde/kdebindings-3.4.0-i486-1.tgz: Upgraded to kdebindings-3.4.0.
kde/kdeedu-3.4.0-i486-1.tgz: Upgraded to kdeedu-3.4.0.
kde/kdegames-3.4.0-i486-1.tgz: Upgraded to kdegames-3.4.0.
kde/kdegraphics-3.4.0-i486-1.tgz: Upgraded to kdegraphics-3.4.0.
kde/kdelibs-3.4.0-i486-1.tgz: Upgraded to kdelibs-3.4.0.
kde/kdemultimedia-3.4.0-i486-1.tgz: Upgraded to kdemultimedia-3.4.0.
kde/kdenetwork-3.4.0-i486-1.tgz: Upgraded to kdenetwork-3.4.0.
kde/kdepim-3.4.0-i486-1.tgz: Upgraded to kdepim-3.4.0.
kde/kdesdk-3.4.0-i486-1.tgz: Upgraded to kdesdk-3.4.0.
kde/kdetoys-3.4.0-i486-1.tgz: Upgraded to kdetoys-3.4.0.
kde/kdeutils-3.4.0-i486-1.tgz: Upgraded to kdeutils-3.4.0.
kde/kdevelop-3.2.0-i486-1.tgz: Upgraded to kdevelop-3.2.0.
kde/kdewebdev-3.4.0-i486-1.tgz: Upgraded to kdewebdev-3.4.0.
kde/koffice-1.3.5-i486-3.tgz: Recompiled.
kde/qt-3.3.4-i486-1.tgz: Upgraded to qt-3.3.4 (with -stl).
l/atk-1.9.1-i486-1.tgz: Upgraded to atk-1.9.1.
l/arts-1.4.0-i486-1.tgz: Upgraded to arts-1.4.0.
l/expat-1.95.8-i486-1.tgz: Upgraded to expat-1.95.8.
(thanks to Alak Trakru for updating the DESTDIR patch)
l/gtk+2-2.6.4-i486-1.tgz: Upgraded to gtk+-2.6.4.
l/libart_lgpl-2.3.17-i486-1.tgz: Upgraded to libart_lgpl-2.3.17.
l/libglade-2.4.2-i486-1.tgz: Upgraded to libglade-2.4.2.
l/libgsf-1.11.1-i486-1.tgz: Upgraded to libgsf-1.11.1.
l/libidl-0.8.5-i486-1.tgz: Upgraded to libidl-0.8.5, moved from /gnome.
(this is used by Mozilla)
l/libmikmod-3.1.11a-i486-1.tgz: Upgraded to libmikmod-3.1.11a, moved from
/gnome. (this is used by XMMS)
l/libxml2-2.6.18-i486-1.tgz: Upgraded to libxml2-2.6.18.
l/libxslt-1.1.13-i486-1.tgz: Upgraded to libxslt-1.1.13.
l/orbit-0.5.17-i386-1.tgz: Removed obsolete ORBit.
l/pango-1.8.1-i486-1.tgz: Upgraded to pango-1.8.1.
l/shared-mime-info-0.16-i486-1.tgz: Upgraded to shared-mime-info-0.16, moved
from /gnome.
l/startup-notification-0.8-i486-1.tgz: Upgraded to startup-notification-0.8.
n/nail-11.22-i486-1.tgz: Upgraded to nail-11.22.
n/samba-3.0.13-i486-1.tgz: Upgraded to samba-3.0.13.
xap/gaim-1.2.0-i486-1.tgz: Upgraded to gaim-1.2.0 and gaim-encryption-2.36.
(compiled against mozilla-1.7.6)
xap/gimp-2.2.4-i486-1.tgz: Upgraded to gimp-2.2.4.
xap/jre-symlink-1.0.2-noarch-1.tgz: Upgraded Java link for Firefox 1.0.2.
xap/mozilla-1.7.6-i486-1.tgz: Replaced Mozilla, upgraded to 1.7.6.
While I got surprisingly few negative comments about Mozilla's previous
removal from -current, I have decided put it back. Why? Well, it is a good
piece of software with a long and respected history. So, why then, would I
have removed it before? Did I lose my mind? My answer at the time was
that once the Mozilla Foundation indicated that the primary future direction
would be with Firefox and Thunderbird, and that active development on the
traditional Mozilla suite would end, then the writing was already on the
wall. Slackware does not aim to be a Home for Orphaned Software, and if
upstream ceases to support something, then I'll usually follow that lead in
fairly short order. However, Mozilla is being restored for now since I know
it has a strong following, but also because it provides some features (like
the composer) that FF/TB do not, and because the libraries are used in GAIM
to provide support for MSN. I am aware that GNUTLS can also be used for this
purpose, but after looking that (and its dependencies) over, I'd prefer to
not see that enter Slackware at this time. OpenSSL could also be used for
this support in GAIM, but unfortunately there is an incompatibility between
GAIM's GPL license and OpenSSL's BSD-with-advertising-clause license. This
resulting snafu reminds me of a short article by Grigor Gatchev that I
recently read on NewsForge, called "Metalicensing". It's still online, and
I'd suggest it (and the author's site) for a little additional reading on
the topic of free license incompatibilities, and how we might avoid
unintentionally setting these kinds of traps for ourselves. I look forward
to a world with the least possible restrictions on software development, and
I think that step one is to be on guard against accidentally tying our own
hands behind our backs. Having a redundant (but differently free) version
of every component and needing them _all_ to create a complete system does
not strike me as the optimal solution.
/* end "pseudo blog" I hope I didn't offend anybody affiliated with
any of these fine projects, as that is definately not my intent... */
Back to the topic of _this package_, this Mozilla release fixes more than a
dozen security issues (many of which are probably minor and unlikely to
occur in real life, but you be the judge.)
Please see mozilla.org for a complete list.
(* Security fix *)
xap/mozilla-firefox-1.0.2-i686-1.tgz: Upgraded to firefox-1.0.2.
Fixes a GIF heap overflow and some other security issues.
Please see mozilla.org for a complete list.
(* Security fix *)
xap/mozilla-thunderbird-1.0.2-i686-1.tgz: Upgraded to thunderbird-1.0.2.
Fixes a GIF heap overflow and some other security issues.
Please see mozilla.org for a complete list.
(* Security fix *)
xap/xfce-4.2.1.1-i486-1.tgz: Upgraded to xfce-4.2.1.1.
xap/xscreensaver-4.21-i486-1.tgz: Upgraded to xscreensaver-4.21.
extra/k3b/k3b-0.11.23-i486-1.tgz: Upgraded to k3b-0.11.23.
extra/parted/parted-1.6.22-i486-1.tgz: Upgraded to parted-1.6.22.
testing/packages/gnupg-1.4.1-i486-1.tgz: Upgraded to gnupg-1.4.1.
+--------------------------+
Wed Mar 9 21:15:23 PST 2005
a/udev-054-i486-3.tgz: Fixed make_extra_nodes.sh to not require expr, which is
under /usr and might not be available. (thanks to Daniel de Kok)
n/nmap-3.81-i486-1.tgz: Upgraded to nmap-3.81.
n/openssh-4.0p1-i486-1.tgz: Upgraded to OpenSSH 4.0p1.
n/samba-3.0.11-i486-1.tgz: Upgraded to samba-3.0.11.
extra/bittornado/bittornado-0.3.10-noarch-1.tgz: Upgraded to BitTornado-0.3.10.
extra/bittorrent/bittorrent-4.0.0-noarch-1.tgz: Upgraded to BitTorrent-4.0.0.
+--------------------------+
Tue Mar 8 14:23:58 PST 2005
xap/mozilla-firefox-1.0.1-i686-2.tgz: Fixed default mailto: pref to use
Thunderbird. (thanks to Steven E. Woolard)
xap/mozilla-thunderbird-1.0-i686-2.tgz: Fixed default URL handler to use
Firefox for https:// as well as http://. (thanks to Steven E. Woolard)
Fixed background transparency of icon used by the thunderbird.desktop
file. (thanks to Jason Edson)
+--------------------------+
Mon Mar 7 22:16:12 PST 2005
a/udev-054-i486-2.tgz: Removed udev.permissions file and merged the
permissions configuration into the udev.rules file. Also, added support
for numbering multiple cdrom and dvd devices at boot time (thanks to
Michal Kosmulski for sending in the starting diff). Let me know if any
permissions bugs remain... sorry about that last batch 'o bugs -- my
fault for not reading the instructions carefully.
xap/jre-symlink-1.0.1-noarch-1.tgz: Adds a symlink to the Java(TM) plugin.
xap/mozilla-firefox-1.0.1-i686-1.tgz: Added Mozilla Firefox (from the
official binary distribution.) Thanks to the Mozilla Foundation!
xap/mozilla-thunderbird-1.0-i686-1.tgz: Added Mozilla Thunderbird (also
from the official binary distribution.)
xap/mozilla-1.7.5-i486-1.tgz: Removed.
xap/mozilla-plugins-1.7.5-noarch-2.tgz: Removed.
xap/netscape-7.2-i686-1.tgz: Removed.
testing/packages/linux-2.6.11/alsa-driver-1.0.8_2.6.11-i486-1.tgz:
Upgraded to ALSA 1.0.8 for Linux 2.6.11.
testing/packages/linux-2.6.11/kernel-generic-2.6.11-i486-1.tgz:
Upgraded to Linux 2.6.11 generic x86 kernel.
testing/packages/linux-2.6.11/kernel-headers-2.6.11-i386-1.tgz:
Upgraded to Linux 2.6.11 kernel headers.
testing/packages/linux-2.6.11/kernel-modules-2.6.11-i486-1.tgz:
Upgraded to Linux 2.6.11 kernel modules.
testing/packages/linux-2.6.11/kernel-source-2.6.11-noarch-1.tgz:
Upgraded to Linux 2.6.11 kernel source.
+--------------------------+
Mon Feb 28 20:56:58 PST 2005
a/udev-054-i486-1.tgz: Upgraded to udev-054.
ap/espgs-8.15rc2-i486-1.tgz: Upgraded to espgs-8.15rc2.
d/flex-2.5.4a-i486-3.tgz: Replaced old "lex" script with a symlink.
(Thanks to Mike Sullivan)
d/gcc-3.3.5-i486-1.tgz: Upgraded to gcc-3.3.5.
d/gcc-g++-3.3.5-i486-1.tgz: Upgraded to gcc-3.3.5.
d/gcc-g77-3.3.5-i486-1.tgz: Upgraded to gcc-3.3.5.
d/gcc-gnat-3.3.5-i486-1.tgz: Upgraded to gcc-3.3.5.
d/gcc-java-3.3.5-i486-1.tgz: Upgraded to gcc-3.3.5.
d/gcc-objc-3.3.5-i486-1.tgz: Upgraded to gcc-3.3.5.
l/glib2-2.6.3-i486-1.tgz: Upgraded to glib-2.6.3.
l/gtk+2-2.6.3-i486-1.tgz: Upgraded to gtk+-2.6.3.
t/tetex-3.0-i486-1.tgz: Upgraded to teTeX 3.0.
t/tetex-doc-3.0-noarch-1.tgz: Upgraded to teTeX 3.0 documentation.
xap/gaim-1.1.4-i486-1.tgz: Upgraded to gaim-1.1.4 and gaim-encryption-2.35.
+--------------------------+
Mon Feb 14 10:31:43 PST 2005
Upgraded to X11R6.8.2 (these new -current X11 packages will also work just fine
on Slackware 10.1 since no libraries have changed since the 10.1 release)
x/x11-6.8.2-i486-1.tgz: Upgraded to X11R6.8.2.
x/x11-devel-6.8.2-i486-1.tgz: Upgraded to X11R6.8.2.
x/x11-docs-6.8.2-noarch-1.tgz: Upgraded to X11R6.8.2.
x/x11-docs-html-6.8.2-noarch-1.tgz: Upgraded to X11R6.8.2.
x/x11-fonts-100dpi-6.8.2-noarch-1.tgz: Upgraded to X11R6.8.2.
x/x11-fonts-cyrillic-6.8.2-noarch-1.tgz: Upgraded to X11R6.8.2.
x/x11-fonts-misc-6.8.2-noarch-1.tgz: Upgraded to X11R6.8.2.
x/x11-fonts-scale-6.8.2-noarch-1.tgz: Upgraded to X11R6.8.2.
x/x11-xdmx-6.8.2-i486-1.tgz: Upgraded to X11R6.8.2.
x/x11-xnest-6.8.2-i486-1.tgz: Upgraded to X11R6.8.2.
x/x11-xvfb-6.8.2-i486-1.tgz: Upgraded to X11R6.8.2.
+--------------------------+
Wed Feb 2 18:22:01 PST 2005

Released Slackware 10.1 stable.

Thanks to everyone who helped out with this release, and especially to the
folks at GUS-BR and SlackSec who helped (and continue to help) with handling
security issues for the last few months, to Andreas Liebschner for keeping
the website updated and running smoothly, to Theresa Elam for all her hard
work running store.slackware.com, to the folks on alt.os.linux.slackware for
pointing out bugs and offering suggestions, to the people on ##slackware
that I met on IRC (and some again in later emails), to Justin, Kyle, and Dean
from the Linux User Group of Rochester, MN who I got to hang out with while
"vacationing" at the Mayo Clinic, to everyone who signed my online Christmas
card (one of the nicest things I ever got), and to all the kind and patient
members of the Slackware community. I hope all of you will enjoy this new
Slackware release.

Have fun!

Your Slackware Maintainer,

Pat

PS I'm looking forward to working with all of you towards the next one, too.
PPS Sorry if that was too much like an Academy Award speech. I could almost
hear that music shoving me off the stage.